Open Source Software ("OSS") is important business to your company. The improper integration of OSS into your company's information technology systems can impact company value. It has been estimated that intellectual property makes up 75% of the valuation of U.S. companies. Even if your company is not a seller of software, if OSS is not handled correctly, your company valuation can be affected.
There are tens of millions of lines of OSS source code available at no charge on the Internet. Developers are under pressure to meet deadlines and meet expense budgets. It is perfectly all right to use OSS to complete a software development project, as long as it is documented. OSS is available at no charge, yet it is not actually free because it comes with a license with certain encumbrances.
What is Open Source Software? First, source code is the English language version of software. It includes words such as "add", "move", "search" or "print". Source code is then passed through a compiler or interpreter such as Linux which then produces "object code". Object code is binary code in "0" or "1" (with a switch inside the computer either being "off" signaling a 0 or "on" signaling a 1). Humans can read and understand source code but cannot understand binary or object code. Thus, to have workable software that can be modified and maintained by a software developer, the developer must have the source code. If there is a bug in the code which needs to be fixed, the fix would have to be made to the source code and then the code would be run again through the compiler or interpreter to generate new object code which no longer includes the bug. Most software licensed by software owners is given to the licensee as object code. If the object code needs to be maintained, the licensee then must go back to the software owner, who can make the fix to the source code, to which the licensee does not have access.
Thus, the advantage of OSS is that the user can perform its own maintenance without the need to return to the vendor for a bug fix. This is a two-edged sword. Many users have no interest or skill in maintaining their own software -- they are very satisfied for the software owner to perform maintenance. But for those sophisticated users who want to perform their own modifications, OSS is a good vehicle.
At last count, the Open Source Initiative ("OSI") listed 69 OSS licenses on its website. The best known OSS license is the GNU General Public License ("GPL"). These OSS licenses have become known as "Copyleft" licenses, which generally require that (i) if a company distributes code which includes the OSS code, then source code must be provided with the distribution; (ii) if the OSS code is distributed, it must be distributed under the same OSS license from which it was initially licensed; (iii) it is not required that the distributor contribute back to the original OSS code base; and (iv) there is no restriction on the use and modification of the OSS code.
Some of the key elements of the GPL license are as follows:
There are two types of fundamental risk for OSS. The first and most significant issue is the incorporation of OSS into a company's proprietary software and the effect of such incorporation. The second is the acquisition of a software (or other) company in which due diligence must be performed to determine whether the value of the software has been diluted by OSS. There are a variety of ways that companies approach OSS compliance. Some companies take a no-holds-barred approach and simply ban the use of OSS. This can be counter-productive in that the company limits its use of what could save it a great deal of development money; it is also difficult to enforce and could decrease productivity. Another approach is just ignoring the issue -- that approach is fine until a cataclysmic event occurs such as when the company is being sold and the OSS problem becomes front and center. Ignoring the issue could also result in major rewriting of the code or reputational damage to the company.
The best approach is for a company to take a number of steps to reduce the risk of OSS infecting the company's proprietary software:
For any custom software purchase, a code audit and due diligence must be performed. There are companies which specialize in this activity, and they should be retained to assure that the value being paid for a software product will not be undercut.